
Port protection and restricting network access 2 – Keeping the Data Safe – Securing a System

Adding new rules is straightforward. A rule can be added using the service name (found in the /etc/services file) or the port number. The most common task is to allow a common user service, such as http or mysql, by passing the --add-service option to firewall-cmd. When the service is added, the configuration will not survive a reboot unless the --permanent option is also given. Some common examples are as follows:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=imap
firewall-cmd --permanent --add-service=pop3
firewall-cmd --permanent --add-service=mysql

Optionally, you can allow a service by specifying the port and protocol instead of the service name. The following are examples of adding TCP or UDP ports (the protocol is written in lowercase, since firewall-cmd only accepts tcp, udp, sctp or dccp):
firewall-cmd --permanent --add-port=1521/tcp
firewall-cmd --permanent --add-port=6900/udp
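Both of the forms above take arguments that firewall-cmd rejects outright when they are malformed (an unknown service, a port above 65535, or a protocol spelled in uppercase), and on a remote system a rejected rule that nobody noticed is how a port silently stays closed or open. The script below is an added example, not part of the original text: it resolves a service name to its port/protocol pairs from an /etc/services-style file, and it validates and normalizes a --add-port specification before it is handed to firewall-cmd. It never calls firewall-cmd itself. The services table embedded in it is a constructed sample; the function names resolve_service and normalize_port_spec are mine. Note that the names accepted by --add-service are firewalld's own predefined services, which you can list with firewall-cmd --get-services; /etc/services is useful for finding the port behind a name, as the page says, but is not the list firewalld consults.

```shell
#!/bin/sh
# Added example (not from the original page): prepare and check firewall-cmd
# arguments. Nothing here talks to firewalld.

# Constructed sample in /etc/services format (the real file has the same
# layout: name  port/proto  [aliases]  # comment).
SAMPLE_SERVICES='# constructed sample, not a real /etc/services
http            80/tcp          www
http            80/udp
imap            143/tcp         imap2
pop3            110/tcp         pop-3
mysql           3306/tcp
mysql           3306/udp
'

# resolve_service NAME [FILE]: print one "port/proto" line per entry in FILE
# (default /etc/services, "-" for stdin) whose canonical name or alias is
# NAME. Comment lines are skipped. Exit status 1 when nothing matches.
resolve_service() {
    name=$1
    file=${2:-/etc/services}
    found=$(awk -v want="$name" '
        /^[[:space:]]*#/ || NF < 2 { next }
        {
            sub(/#.*/, "")                      # drop a trailing comment
            if ($1 == want) { print $2; next }  # canonical name
            for (i = 3; i <= NF; i++)           # aliases
                if ($i == want) { print $2; break }
        }' "$file")
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# normalize_port_spec SPEC: accept "port/proto" or "low-high/proto", print it
# with the protocol lowercased (firewall-cmd accepts only tcp, udp, sctp and
# dccp, in lowercase), and fail on anything out of range or unknown.
normalize_port_spec() {
    spec=$1
    case $spec in
        */*) ;;
        *) echo "missing protocol in '$spec'" >&2; return 1 ;;
    esac
    ports=${spec%/*}
    proto=$(printf '%s' "${spec##*/}" | tr 'A-Z' 'a-z')
    case $proto in
        tcp|udp|sctp|dccp) ;;
        *) echo "unsupported protocol '$proto'" >&2; return 1 ;;
    esac
    low=${ports%-*}      # for "1521" both low and high are "1521"
    high=${ports#*-}
    for p in "$low" "$high"; do
        case $p in
            *[!0-9]*|'') echo "bad port '$p' in '$spec'" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port '$p' out of range in '$spec'" >&2; return 1
        fi
    done
    [ "$low" -le "$high" ] || { echo "inverted range '$ports'" >&2; return 1; }
    printf '%s/%s\n' "$ports" "$proto"
}

# Demo against the constructed sample (stdin stands in for /etc/services):
echo "mysql resolves to:"
printf '%s' "$SAMPLE_SERVICES" | resolve_service mysql -
echo "1521/TCP normalizes to: $(normalize_port_spec 1521/TCP)"
normalize_port_spec 6900/ICMP || echo "6900/ICMP rejected, as firewall-cmd would"
```

In a provisioning script the pattern is to run each spec through normalize_port_spec first and only build the firewall-cmd line from its output, so a typo fails the script instead of being reported by firewall-cmd and scrolled past.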

You can also remove a port or service by using the --remove-port or --remove-service options:
firewall-cmd --permanent --remove-service=pop3
firewall-cmd --permanent --remove-port=6900/udp

When you are done making changes, you will need to reload the firewall rules so that the permanent configuration becomes active. This is done with the --reload option:
firewall-cmd --reload

How it works…

firewalld is based on the netfilter framework, which is a set of hooks that allows network packets to be filtered by the kernel. This framework is used to implement the iptables firewall on many Linux systems. firewalld provides a higher-level abstraction of the netfilter framework, allowing administrators to define rules in terms of services, ports, and protocols rather than directly manipulating iptables rules. One of the key advantages of firewalld is its ability to define firewall rules that match on multiple attributes. For example, administrators can define a rule that matches on both the source and destination IP address, as well as the protocol and port number. This allows more granular control over network traffic and makes it easier to define complex firewall policies.

firewalld also allows administrators to define firewall rules in terms of network zones. A zone is a set of network interfaces that are assigned a specific level of trust. For example, an administrator might define a public zone for network interfaces that are exposed to the internet and a trusted zone for network interfaces that are only accessible from trusted internal networks. Each zone can have its own set of firewall rules, allowing administrators to apply different policies to different network interfaces.
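The zone model and the multi-attribute matching described above are easiest to see as a concrete set of firewall-cmd invocations for one zone, written down before anything is applied. The script below is an added example, not part of the original text or of firewalld: plan_zone prints the --permanent commands that create a zone, bind an interface and a source subnet to it, allow the listed services and ports, then reload and list the result; rich_rule builds a firewalld rich rule that matches source, destination, protocol and port in one rule; apply_plan runs the plan only when FW_APPLY=1 is set and firewall-cmd exists, and otherwise prints it for review. The zone name dbtier, interface eth1 and the 10.20.x.x addresses are constructed values, and the three function names are mine.

```shell
#!/bin/sh
# Added example (not from the original page): reviewable, dry-run-by-default
# firewalld zone plan. All values below are constructed for illustration.

# plan_zone ZONE IFACE SOURCE_CIDR SERVICES PORTS [RICH_RULE]
#   SERVICES and PORTS are space-separated lists ("http mysql", "1521/tcp").
#   Every change is --permanent, so it lands in /etc/firewalld/zones/ZONE.xml
#   and only takes effect at the --reload printed last.
plan_zone() {
    zone=$1 iface=$2 src=$3 services=$4 ports=$5 rich=$6
    echo "firewall-cmd --permanent --new-zone=$zone"
    # Zone target DROP: anything not explicitly allowed below is dropped.
    echo "firewall-cmd --permanent --zone=$zone --set-target=DROP"
    # Packets arriving on this interface, or from this subnet, are evaluated
    # against this zone instead of the default zone.
    echo "firewall-cmd --permanent --zone=$zone --change-interface=$iface"
    echo "firewall-cmd --permanent --zone=$zone --add-source=$src"
    for s in $services; do
        echo "firewall-cmd --permanent --zone=$zone --add-service=$s"
    done
    for p in $ports; do
        echo "firewall-cmd --permanent --zone=$zone --add-port=$p"
    done
    if [ -n "$rich" ]; then
        echo "firewall-cmd --permanent --zone=$zone --add-rich-rule='$rich'"
    fi
    echo "firewall-cmd --reload"
    # Verification step: confirms the zone is active with the intended rules.
    echo "firewall-cmd --zone=$zone --list-all"
}

# rich_rule SOURCE_CIDR DEST_ADDR PORT PROTO: one rule that matches on source
# address, destination address, protocol and port together (firewalld rich
# rule language; family is required when addresses are used).
rich_rule() {
    printf 'rule family="ipv4" source address="%s" destination address="%s" port port="%s" protocol="%s" accept\n' \
        "$1" "$2" "$3" "$4"
}

# apply_plan <plan_zone arguments>: print the plan (default) or, when
# FW_APPLY=1 and firewall-cmd is installed, execute it line by line, stopping
# at the first failure so a half-applied zone is noticed.
apply_plan() {
    plan=$(plan_zone "$@")
    if [ "${FW_APPLY:-0}" = 1 ] && command -v firewall-cmd >/dev/null 2>&1; then
        printf '%s\n' "$plan" | sh -e
    else
        printf '%s\n' "$plan"
    fi
}

# Demo: a database-tier zone reachable only from one internal subnet. Without
# FW_APPLY=1 this just prints the plan for review.
apply_plan dbtier eth1 10.20.0.0/24 "mysql" "1521/tcp 6900/udp" \
    "$(rich_rule 10.20.0.0/24 10.20.1.5 1521 tcp)"
```

Keeping the plan as plain text is deliberate: it can be diffed against the previous run, attached to a change ticket, and compared line by line with the output of firewall-cmd --zone=dbtier --list-all after the reload, which is the check that the persistent zone file and the running rules actually agree.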
